Recent Bank DDoS Attacks Reach New Downtime Levels

The Distributed Denial of Service (DDoS) attacks that have been hammering the commercial banking sector since last Fall have reached a new level of efficiency nearly doubling the amount of collective downtime, according to a new report issued by NBC News.

The largest 15 banks were knocked offline for a total of 249 hours during a recent six-week period that ended on March 31st, according to the NBC report that enlisted Internet monitoring firm Keystone Systems to compile total outage times.

Keystone utilized “dummy” login accounts with major banking institutions to access their websites and report back on availability. They found that during the past six-weeks, these bank were offline roughly two percent of the time.

During this same stretch last year, Keystone reported that bank sites endured 140 hours of downtime (a mere one percent unavailability). Keynote spokesman Aaron Rudger told NBC News that while websites go offline for any number of reasons, he felt “comfortable inferring that the so-called al-Qassam attacks were responsible for most of the increase.”

Keystone did not release the report they provided NBC News (and did not respond to a Security Bistro request for additional information), but a searchable database of bank response times and weekly outage hours can be found on their website.

The Izz ad-Din al-Qassam Cyber Fighters apparently resurrected their ongoing hacktivist campaign against world banks roughly a month ago, citing a blasphemous YouTube video as the source of their ire. In the weeks since, Wells Fargo, Capitol One, HSBC and Chase reportedly have suffered outages.

In a January post, we wrote that researchers from Incapsula discovered a botnet-for-hire used in DDoS attacks against at least three of the nearly one-dozen banks being targeted by the extremist group. This variant was able to multiply itself on compromised servers to broaden the size and impact of the launched attacks.

Based on the recent Keystone numbers, it appears these hacktivists may have managed to harness these zombie machines to successfully increase the focus and potency of their assaults.